agent-dev-guardrails
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (NO_CODE)
Full Analysis
- Prompt Injection (SAFE): The skill uses instructional guardrails ('Non-Negotiables') and role-play elements ('junior dev with amnesia') to guide agent behavior towards better software engineering practices. No patterns for bypassing system safety or extracting system prompts were found.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file access, or unauthorized network operations were identified. The skill mentions 'ReadLints' and 'pytest', which are standard development tools.
- Indirect Prompt Injection (SAFE): While the skill involves the agent reading and writing to project files, it includes a 'Security Reviewer' role specifically designed to detect and mitigate injection risks in code. This provides better protection than standard agents.
- Command Execution (SAFE): While the instructions mention running a setup script or validation commands (linting/testing), these are directed at the local environment for the purpose of software development and are not used for malicious privilege escalation or persistence.